CVE-2025-30076 Information

Description

Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter.

Reference

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39170 https://github.com/gl0wyy/koha-task-scheduler-rce